
Patron Privacy at Santa Cruz Public Libraries 

Trust and Transparency in the Age of Data Analytics 


Summary 

Libraries are one of the most trusted institutions in our country. People place 
librarians in the same class as doctors, nurses, firefighters, and teachers. 

- Erin Berman, Library Privacy Advocate 111 

The quotation from Berman reflects the importance of libraries as sanctuaries of intellectual 
freedom. In the Digital Age, however, the role of libraries is evolving. In an attempt to satisfy 
perceived patron demand, some libraries, including Santa Cruz Public Libraries (SCPL), have 
started using data analytics tools similar to those used by businesses to market products to 
consumers. Using these tools in libraries is a potential threat to patron privacy and trust. 

This report examines SCPL’s use of third-party data analytics in relation to current 
California law pertaining to confidential patron data; industry best practices for patron 
privacy; current SCPL privacy policy and staff concerns regarding privacy, 
transparency, and patron consent; and the perceived usefulness of these analytical 
tools. The Grand Jury has concluded that SCPL management did not recognize the 
importance of 

• informing patrons how SCPL uses their personal data; 

• giving patrons the opportunity to consent to use of their personal data; 

• explaining patron data use in proposed privacy policy and online documents; 

• adopting best practices outlined by the American Library Association; 

• carefully evaluating risks versus rewards when using data analytics; 

• staying abreast of state laws concerning library use of patron data; and 

• resolving the disagreements among staff regarding the use of data analytics and 
its implications for patron privacy. 
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Background 

Although Santa Cruz County library services began in 1916, the current structure of the 
Santa Cruz Public Libraries (SCPL; the Library) system, created in 1996, consists of a 
network of ten neighborhood library branches distributed county wide, a web-based 
digital library, a bookmobile, and community-based programs. 

Last year, SCPL expenditures were about $12M ($7.6M in salaries and $4.2M in 
operating costs). SCPL employs about 90 full-time equivalents and serves roughly 
135,000 registered patrons. All SCPL employees are City of Santa Cruz employees. 
The Watsonville library system is not part of SCPL and is not a subject of this Grand 
Jury investigation. 1 - 1 

SCPL is governed by the Library Joint Powers Authority (JPA), the agreement for which 
was last amended in 2015. The JPA board is currently composed of the County 
Administrative Officer and the city managers from Capitola, Santa Cruz, and Scotts 
Valley. Among other responsibilities, this board chooses the Library director and votes 
on approval for budget and library policies. 

SCPL is also guided by the Library Advisory Commission (LAC). The LAC represents 
the community by providing advice and feedback to the JPA board and the Library 
director. The LAC reviews programs and services and makes necessary 
recommendations as they pertain to the provision of these programs and services. The 
LAC consists of seven members: 

• Three residents of unincorporated Santa Cruz County appointed by the County 
Board of Supervisors. 

• Two Santa Cruz city residents appointed by the Santa Cruz City Council. 

• One Capitola resident appointed by the Capitola City Council. 

• One Scotts Valley resident appointed by the Scotts Valley City Council. 

In early 2019 the LAC recently agreed to participate in the review of library policies, 
including privacy policies. 121 

As prescribed by Measure S, approved by voters in 2016, SCPL is in the midst of a 
massive infrastructure upgrade, which will dramatically affect all of the branches in the 
system. 

SCPL’s “Strategic Plan 2017-2021: Premise and Process,” published on the SCPL 
website , m stresses the importance of finding better ways to connect with patrons. This 
planning document quotes former Santa Cruz Museum of Art and History Director Nina 
Simon’s book, The Art of Relevance: 

The most powerful way to gain access to a new community is not by 
creating programming or marketing campaigns you think might fit 
their interests. Instead it starts with networking. ... Listen to their 
interests and concerns. The more you understand what matters to them 
and what experiences they seek, the better you can assess whether and 
how you can connect with them, [emphasis added] 
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Using this premise of community relevance, in 2016 SCPL initiated conversations with 
individuals, small groups, and organizations to explore new potential directions for the 
Library.® However, the concluding paragraphs of the SCPL’s “Premise and Process” 
document describe the proposed use of a data analytics tool called Gale Analytics on 
Demand (AoD) that “allows the Libraries to have access to detailed analysis of SCPL 
household level data to better understand communities’ and patrons’ needs.” 

There is a disconnect within the SCPL’s “Premise and Process” document. The 
document suggests that the best way to understand patrons’ interests and concerns is 
to ask patrons directly. Contrarily, the document advocates obtaining patron information 
by using a data analytics tool, which does not involve any direct interaction with patrons. 

There is also a conflict between how SCPL protects patron privacy and how SCPL uses 
patron data to “better understand communities’ and patrons’ needs.” 1 - 1 The Grand Jury 
found that SCPL did not adequately research protection of patron information when 
using data analytics tools. 

The Grand Jury also found that SCPL did not inform patrons what additional information 
about them was gathered and retained in the library’s computer system, nor were they 
allowed a choice about whether they consented to SCPL gathering this information. 

Scope and Methodology 

The Grand Jury interviewed staff and management of SCPL, as well as representatives 
of the JPA board and the LAC. 

The Grand Jury also interviewed representatives of external library organizations with 
expertise in patron privacy and data analytics. 

Grand Jury members attended JPA board and LAC meetings. 

The Grand Jury sought legal advice in understanding specific State laws governing 
library mandates and requirements for handling confidential patron information. 

The Grand Jury reviewed the SCPL public website, budget and planning documents, 
internal documents and reports, operational procedures, and contracts with third parties. 

The Grand Jury reviewed documents from external organizations including the 
American Library Association (ALA), Pacific Library Partnership (PLP), Califa Group (a 
state-wide purchasing consortium supporting regional consortia like PLP), and the State 
Library Board. 

The Grand Jury compared and contrasted the online privacy policies of selected 
American libraries and conducted additional internet research concerning data analytics 
and library patron privacy. 
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Investigation 

What is Gale Analytics on Demand? 

Gale Analytics on Demand (AoD) is a service provided by Cengage Learning since 
2014 that allows libraries to conduct socio-economic analysis of the communities they 
serve. 0 AoD includes a suite of analytical tools for 

• evaluating and visualizing patron demographics, branch activity, and collection 
usage; 

• planning marketing campaigns; and 

• targeting voting patrons ahead of elections that could benefit the library. 0 

These tools are powered by Mosaic, Experian’s proprietary system of 71 
socio-economic profiles (“lifestyle segments”) for categorizing households in the 
community. 01 — 1 011 Appendix A illustrates the Mosaic system and includes a description 
of “Silver Sophisticates” (C-13), a well-represented lifestyle segment in Santa Cruz. 

To use AoD, the library exports patron information—such as physical address, date of 
last checkout, and number of books checked out—from its internal database to the AoD 
cloud service. AoD blends and augments this patron information with the Experian 
Mosaic profile and U.S. census data for each household. AoD then delivers the resulting 
aggregate data file and illustrated summary reports to the library for further analysis. 

The library uses this information to plan programs and services. As a result, the library 
holds significantly more household-level data in its computer system than patrons 
originally provided. 

A Timeline of AoD Use at SCPL 

SCPL first considered using AoD in late 2015, under a previous Library director. Library 
staff voiced concerns about patron privacy at that time. 

In early 2016, SCPL obtained free access to AoD through its membership in PLP, a 
regional library consortium in the San Francisco and Monterey Bay areas. [ - ] SCPL 
started AoD training with the goals of gaining insights into patron demographics and 
assisting in library strategic planning. 

In 2017 SCPL released a strategic planning document that briefly mentioned that AoD 
would provide “access to detailed analysis of SCPL household level data to better 
understand communities’ and patrons’ needs.” 110 

In 2017 and 2018, SCPL staff members experimented with the program to assist in 
marketing and library planning work. [il] In late 2018 or early 2019 SCPL suspended its 
use of AoD. Staff concerns about the use of AoD triggered a series of steps to review 
and update the Library’s privacy policies and practices. After a succession of proposed 
drafts dating back to November 2018, the JPA approved an update to SCPL’s privacy 
policy on June 6, 2019.^ 
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Issues Raised by the Library’s Use of Data Analytics 

Disclosing Use of Patron Data 

The Grand Jury found that the undated “Information We Keep About You” document on 
the SCPL website 1111 is inaccurate and incomplete. It does not describe the data 
returned to the Library by AoD. This tool aggregates more than 300 data factors at the 
household level—information not provided to the Library by the patron. These factors 
include household income, education levels, number and age of children, number of 
years at residence, spending habits, and web browsing behavior. 1 - 1 As discussed 
above, the tool then assigns one of 71 “lifestyle segments” to the household, which infer 
patron behaviors and interests based on socio-economic status and other factors. 
National standards classify these data as personally identifiable information (Pll). [ — ] ^ 

Less significant are inconsistencies between “Information We Keep About You” and the 
information actually gathered during the library card application process. Contrary to 
what is published on the website, the application process does not require a patron’s 
Social Security number or the expiration date of the patron’s driver license, but it does 
require home library branch and mobile phone carrier. 1221 

Furthermore, the “Information We Keep About You” document doesn’t accurately reflect 
the fact that SCPL retains patrons’ borrowing data in the form of total number of 
checkouts and date of last checkout; AoD uses these two data points in addition to 
patron address as inputs for its data analysis process. 1211 

In the April 15, 2019 meeting of the LAC, SCPL staff disclosed the use of AoD. 

However, the topic was not agendized, did not appear in the minutes, and the 
discussion did not address how the use of data analytics might impact revision of the 
library privacy policy. After disclosing use of AoD, Library staff informed LAC that SCPL 
had stopped using the tool. However, there was no discussion about how privacy 
concerns introduced by the use of data analytics tools could be resolved—or if they had 
been resolved, whether the Library would consider resuming use of AoD. 122112211 - 1 

Gaining Consent from Patrons 

As the Library began to acquire a wide array of information on each of its patrons, and 
as data privacy issues appeared more frequently as headlines in the news, some of the 
staff were increasingly concerned that the patrons were unable to consent to this 
gathering and examination of additional patron information. 1 - 1 

Staff made suggestions to develop a comprehensive system to clarify for patrons what 
data is collected by SCPL, and to allow patrons to “opt out” if they so choose. To date, 
these suggestions have not been implemented. 1221 

As will be examined in more depth in the next section of the report, California laws and 
regulations are silent on the need for libraries to obtain patron consent when engaging 
third parties. However, European Union General Data Protection Regulations (GDPR) 123 
and California Consumer Privacy Act (CCPR), 1221 which apply to businesses, could also 
provide guidance for libraries as they develop patron disclosure and consent policies 
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and practices. These legislative efforts provide key insights that would allow patrons to 
stay in control of their data, which is the key element of many of these new privacy 
initiatives. 

Management at the Library has not yet acted on staff suggestions to build a consent 
system for patrons. Such a system would clearly advise patrons about the data 
collected and how it is used, and would solicit patron consent as appropriate.^ 

The SCPL privacy policy update approved on June 6, 2019, includes the following 
section on the topic of choice and consent: 

SCPL will only collect personal information for the administration of library 
services. Administrative services includes creation of hold records, fine 
billing and collection, marketing of library programs/services and creation 
of organizational statistics such as SCPL circulation, website visits and 
Wi-Fi use. 

Patrons may choose to provide additional data such as preserving their 
circulation records to maintain personal reading lists or receive reading 
suggestions. If a patron voluntarily chooses to provide additional 
information, this information will be considered confidential. 

SCPL will not sell, license or disclose personal information to any third 
party without patron consent, unless SCPL is compelled to do so by law. w 

Even with these changes, many questions remain. In the context of this investigation, 
two questions are especially important: Does “marketing of library programs/services” 
include data analytics that targets specific patron groups? If so, is patron consent 
required? These and related questions need to be answered before a comprehensive 
consent policy can be developed and used by both Library staff and its patrons to make 
informed choices. 

A consent system is useful if the library performs some action the patron might not 
otherwise know about. For instance, if the library gathers information about patrons from 
third parties to inform library planning efforts, patrons should be allowed to opt-in or 
opt-out of that data collection and use. 

In such situations, the library should explain that personal data is part of the system, 
how the data will be processed, and how it will be used, in clear and concise terms. An 
overly detailed and technical presentation can lead to patrons simply clicking through to 
complete the choice; an oversimplified presentation can result in patrons not actually 
understanding the potential consequences of participating. The privacy policy of the San 
Jose Public Library is a good example of how to handle this delicate balance, in the way 
that it addresses patron consent. 1 — 1 

Understanding California Law Regarding Confidential Patron Information 

The Grand Jury initiated its investigation amid concern that SCPL may have violated 
State law by uploading patron data to the AoD cloud. As explained below, recent 
changes to the California Government Code should put this concern to rest. 
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The California Public Records Act, or CPRA, requires public disclosure of governmental 
records upon request, with certain exceptions (California Government Code, sections 
6250 through 6276.48). One set of exceptions, related to the confidential records of 
public library patrons, is covered by Section 6267, last amended in 2011-2012 by 
Senate Bill No. 445 (SB 445). SB 445 defines “patron use records” (in this context, 
equivalent to “personally identifiable information”) and clarifies the responsibilities of 
“private actors” (third-party vendors) employed by public libraries (Appendix B). The bill 
analysis of SB 445 by the Senate Judiciary Committee includes the rationale for 
amending Section 6267: 

Due to the public’s increased use of electronic library resources, libraries 
are increasingly utilizing third parties to store and maintain electronic 
library records. This bill would clarify that written or electronic patron use 
records, as defined, stored or maintained by public libraries or third 
parties on behalf of public libraries should not be publicly disclosed, 
with certain exceptions, [emphasis added] 

The State Senate Judiciary Committee recognized that, in the current electronic 
environment, California public libraries and their third-party vendors share responsibility 
for protecting confidential patron records. However, the law as amended by SB 445 
does not state whether libraries are legally responsible for the actions of third parties 
that they employ. Absent guidance from the law, California libraries can turn to best 
practices in the library community to guide them in their interactions with third-party 
vendors. These best practices will be discussed below. 

Another issue that the law does not address directly is the responsibility for managing 
and safeguarding confidential information that a library might acquire from a third party; 
an example is the Experian Mosaic profiles included in the aggregate data files that AoD 
returns to the library. This is an area where patron privacy law has not caught up with 
advances in technology. 

This review of California law is relevant to SCPL in several respects. When SCPL 
began using AoD in 2016, the Library’s privacy policy, “Confidentiality of Library 
Records,” 1221 (revised November 2010) referenced an obsolete version of Section 6267. 
As noted earlier, this may have contributed to concerns that the Library’s use of AoD 
violated State law. However, the Grand Jury has concluded that the use of AoD is 
permitted under the 2011-2012 version of the law, provided that the third-party vendor 
is working in service of the library. 

If SCPL had been aware of the 2011-2012 changes to the law, staff and management 
would have also understood what constitutes “patron use records” and how libraries and 
third-party vendors share responsibility in protecting patron privacy. For example, AoD 
requires the entry of a patron’s physical address; however, the law specifically includes 
“address” in the definition of “patron use records,” requiring the Library and third parties 
working on its behalf to keep this information confidential. This knowledge is essential to 
the Library’s policies and practices regarding patron privacy, patron consent, and 
third-party contracts. 
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Understanding the Terms of Use for AoD 

The Pacific Library Partnership (PLP), a consortium of 42 libraries, holds a contract with 
Cengage Learning allowing PLP to provide AoD to its member libraries, including SCPL. 
Because the contract was executed by the consortium, the member libraries using this 
analytical tool would not have seen the contract unless PLP shared it or individual 
libraries requested it. In the case of SCPL, our interviews have confirmed that the 
Library leadership did not obtain the actual contract until April 2019 and until then could 
not have been aware of the presence or absence of language protecting the interests of 
the Library and the privacy of its patrons. 1[ - ] Instead, the Library relied on PLP to 
conduct due diligence in its negotiation of the contract. 

When the Grand Jury requested “any licenses, agreements, or contracts for AoD,” 

SCPL provided a link to Gale Cengage Terms of Use for all of their web-based services 
and related apps. 1221 The Grand Jury was unable to determine how or why SCPL came 
to believe these terms applied specifically to AoD. 

The Grand Jury has obtained the contract between PLP and Cengage Learning 1 - 1 and 
concluded that it fails to explain several key points in clear and simple language, and 
does not address the following areas: 

• The confidentiality clause in the contract does not clearly state whether PLP 
member libraries should have access to contract’s terms and conditions. 

• The contract does not clearly state that the PLP, its member libraries, and 
Cengage Learning share responsibility for understanding and applying State laws 
pertaining to the protection of confidential patron information. 

• The contract does not acknowledge that PLP member libraries retain ownership 
of the information they provide to the service. 

• The contract does not clarify ownership and sharing of the aggregate data 
products produced by the service. 

• The contract does not explain the responsibilities of Cengage Learning in the 
event of a data breach. 

• The contract does not explain how PLP or its member libraries can terminate the 
agreement with the assurance that all data has been removed from the system. 

• The contract does not provide for the removal of individual patron records, should 
any patrons choose to opt out. 

Adopting Industry Best Practices and Standards 

The American Library Association (ALA) is recognized as the authoritative source of best 
practices and standards for the library community in the United States. The Library Bill of 
Rights 1211 and Intellectual Freedom Manual mm are general resources that are continually 
updated. Another document, ALA “Privacy Tool Kit,” provides detailed guidance on 
implementing policies to protect patron privacy. The recommended practices include 
designating a privacy officer with authority to administer privacy policies, review privacy 
clauses in contracts with third-party vendors, and conduct privacy audits. 1 - 1 
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ALA recommends that contracts with third-party vendors contain language that explicitly 
protects the interests of the library and the privacy of its patrons. In “Privacy: An Interpretation 
of the Library Bill of Rights,” ALA explains in more detail: 

Libraries should not share personally identifiable user information with 
third parties or with vendors that provide resources and library services 
unless the library has obtained the permission of the user or has entered 
into a legal agreement with the vendor. Such agreements should 
stipulate that the library retains control of the information, that the 
information is confidential, and that it may not be used or shared 
except with the permission of the library [emphasis added] 

A case study from the Seattle Public Library (SPL) provides even more specific 
guidance on contract language. SPL attaches an addendum to the “boilerplate” 
contracts typically provided by third-party vendors, with language to protect confidential 
patron information and indemnify the library against willful violations or negligence by 
the third party (Appendix C). [ - ] 

The ALA “Privacy Tool Kit” recommends that library privacy policies emphasize choice 
and consent, typically by allowing patrons to opt-in or opt-out of library services that use 
their personal data. 1 - 1 ALA considers patron consent to be especially important in the 
case of emerging technologies: 

It is important for libraries not to take the attitude that patrons no longer 
care about privacy. ... Patrons may not possess the discursive language 
or technology terms to articulate their complaint; however, it doesn’t mean 
that they do not care about data harvesting, data mining and sharing of 
their personal information behind the scenes with third parties. The lack of 
transparency in consent, data sharing and terms of service changes is a 
barrier to patron-centered service. m 

ALA policies provide little specific guidance about the use of data analytics tools. 

However, the following excerpt from the “Privacy Tool Kit” indicates that “big data” tools 
should be used with caution: 

It’s too easy to make incorrect correlations when personally identifiable 
information sits side by side with other data. Unless a patron opts-in, 
reading records should never be correlated with patron conduct, database 
usage, meeting room signups, etc. Libraries should also be aware of what 
information may be publicly visible. Data may exchange many hands with 
third parties, using libraries as conduits, allowing more opportunity for 
privacy breaches and data mining. As stewards of patron privacy, libraries 
should steer away from the practice of creating aggregate data without 
legitimate purposes 
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In order to better understand best practices of library use of data analytics, the Grand 
Jury consulted the writings of an expert in the field. In her article entitled “Big Brother is 
Watching You: The Ethical Role of Libraries and Big Data,” library privacy advocate Erin 
Berman describes the enticements for libraries to use data analytics: 

These [data analytics] companies are telling libraries that our patrons are 
demanding personalized services, that we are facing a future of 
irrelevance. Luckily for us, their products have all the answers. By tracking 
patron behavior we can give them the experience they have come to 
expect from this new digital world. Libraries can segment out our patrons, 
sending targeted marketing based on their behaviors, customizing our 
services based on what they read and what programs they attend. We will 
finally be able to use real data to tell our stakeholders why we are of 
value, so they won’t withdraw our funding. This messaging is a classic 
anxiety stick, followed by a marketing carrot. l - ] 

Berman summarizes her concerns as follows: 

Do not jump into big data without being intentional, transparent, and 
having a comprehensive understanding of how the products work. Utilizing 
different datasets to drive decision making and analyze the work done in 
libraries is extremely important, but it must be done with careful attention 
paid towards protecting our patrons’ privacy. l - ] 

The Library and Information Technology Association (LITA, a division of ALA) offers a 
number of practical steps 1 ^ 1 that can be taken by libraries to improve patron privacy in 
the area of digital content. In particular, LITA reviews practices designed to assist in the 
prevention of, and response to, a possible data breach. 

Effectiveness of Gale Analytics on Demand in Library Planning 

SCPL staff relied on vendor information to conclude that AoD could be an effective tool 
for library planning. [ - ] The purported benefits of using AoD included the following: 

• Justifying a grant request that would help a library better serve its community 

• Supporting funding requests 

• Deciding where to open a branch 

• Understanding where nonpatrons are located so that the library is more likely to 
reach them 

• Communicating more effectively with patrons 

• Making community-oriented collection and program decisions 

The ALA “Privacy Tool Kit” casts doubt on the effectiveness of data analytics because 
“it’s too easy to make incorrect correlations when personally identifiable information sits 
side by side with other data.’ ,[5el 

Recently, SCPL staff demonstrated the real-time use of AoD to the Grand Jury.^ 
Members cross-checked information they knew to be correct with data returned by AoD, 
and found that the AoD data was incorrect. 
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The demonstration gave rise to many questions, particularly regarding underserved 
populations, such as the poor and homeless. AoD generated reports that indicated 
there is no Experian data on approximately 30% of the total patron population. These 
are individuals with no credit cards or credit history. There is no evidence that the AoD 
analysis compensates for this skewing of data. 

Homeless individuals frequently give the Homeless Service Center at 115 Coral St. as 
their address. The individuals who follow this practice all have the same physical 
address. A similar situation occurs with P.O. box holders, jail inmates, and children who 
receive library cards at school. The Grand Jury found it difficult to come up with a 
scenario where treating these clusters of unrelated individuals as households would 
produce meaningful data. 

On one occasion, SCPL staff used AoD to generate a report that showed the number of 
years patrons had lived at their current residence. The goal of this effort was to market a 
neighborhood history program to long-term residents of a neighborhood. But staff did 
not investigate the accuracy of the assumption that long-term residents are more likely 
to be interested than newcomers in the history of their neighborhoods. SCPL staff 
stated that this use of AoD did not yield the desired results. 1 - 1 Alternatively, staff might 
ask patrons directly about their interest in library programs. 

Explorations like those described above trigger the gathering and aggregation of patron 
data. These actions pose a risk to patron data, regardless of whether the data produced 
leads to successful planning exercises or marketing campaigns for the Library. 

Library Staff Concerns About the Use of Data Analytics 

Grand jury interviews indicated that Library staff have had ongoing concerns about 
several aspects of using AoD and data analytics in general: inconsistencies with 
Library’s privacy policy; failure to inform patrons and gain their consent; and legal and 
ethical issues concerning confidential patron information shared with third parties. 

As early as 2015, SCPL staff voiced concerns that AoD use constituted a possible 
violation of patron privacy. 1 - 1 These concerns were brought to the attention of three 
successive Library directors but have not been resolved. 

SCPL typically responded to these concerns by referring staff to the vendor. In June 
2018, for example, the vendor answered a SCPL inquiry as follows: 

• Gale does not personally handle the library data. There is no need for 
someone outside the library to manually review, handle, or receive files, 
like there is with other services. All data is submitted to the tool directly by 
the library. In other words, there is no data being “exchanged with third 
parties, ” as the statement from ALA cautions against. 

• When the tool generates reports, the library can delete the report at their 
discretion. There is nothing maintained by us or a 3rd party. 

• The only information AOD requires to function, is an address. We do not 
require a name or any other identifiable information that is not public 
record. ^ 
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The Grand Jury and some of the SCPL staff disagree with this assessment and believe 
that Gale Cengage is a third party that receives and augments patron personal 
information. AoD proponents among the staff accepted and relied on the above 
explanation of patron data use without performing an independent investigation into 
whether these statements were accurate. SCPL management also acknowledged that 
some risk associated with AoD use might be necessary to remain competitive in the 
marketplace.^ 

SCPL staff also expressed concerns that patrons were not informed or given a choice 
regarding AoD use of patron data. Some questioned whether the Library should be run 
like a commercial venture vying for patron market shared 

The Grand Jury concluded that these differences of opinion were not adequately 
addressed within the Library, and the lack of resolution contributed to difficulties in 
developing and implementing a relevant and timely privacy policy and practice. 

Conclusion 

SCPL faces many complex challenges in the years ahead.These include rebuilding 
infrastructure, accommodating potential budget and staffing shortfalls, and satisfying 
rapidly changing patron needs and expectations. Despite the stresses of these 
circumstances, and differing visions for the Library, SCPL staff uniformly demonstrated 
professionalism, dedication, passion for their institution, and unflagging service to 
patrons. 

Public libraries like SCPL are sanctuaries of intellectual freedom. In response to the 
Digital Age, however, the role of libraries is evolving. People can now use internet 
search engines to get information, rather than visiting the library or calling a reference 
librarian. To stay relevant yet true to one of their core missions, serving the 
underserved, libraries have begun placing more emphasis on services such as 
computer training and access to electronic media, educational programs and community 
meetings, and referrals for at-risk patrons to social and government programs. 

In an attempt to satisfy perceived patron demand, some libraries, including SCPL, have 
also started using data analytics tools similar to those used by businesses to market 
products to consumers. Using these tools in libraries is a potential threat to patron 
privacy and trust. 

This report has examined SCPL’s use of third-party data analytics in relation to current 
California law pertaining to confidential patron data; industry best practices for patron 
privacy; current SCPL privacy policy and staff concerns regarding privacy, 
transparency, and patron consent; and the perceived usefulness of these analytical 
tools. 

The Grand Jury has concluded that SCPL management did not recognize the 
importance of 

• informing patrons how SCPL uses their personal data; 

• giving patrons the opportunity to consent to use of their personal data; 
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• explaining patron data use in proposed privacy policy and online documents; 

• adopting best practices outlined by the ALA; 

• carefully evaluating risks versus rewards when using AoD; 

• staying abreast of state laws concerning library use of patron data; and 

• resolving the disagreements among staff regarding the use of AoD and its 
implications for patron privacy. 

Findings 

FI. The use of Gale Analytics on Demand by Santa Cruz Public Libraries was 

inconsistent with the Library’s long-standing policy on Confidentiality of Library 
Records (policy 303, adopted February 2006; revised November 2010) and 
companion document, “Information We Keep About You.” 

F2. The use of Gale Analytics on Demand, or any other data analytics tool, by Santa 
Cruz Public Libraries is not clearly addressed in the Library’s newly revised 
policy, Confidentiality of Library Records & Patron Data Privacy Policy (policy 
303, adopted June 6, 2019). 

F3. Santa Cruz Public Libraries did not adequately inform its patrons about the 
Library’s use of Gale Analytics on Demand or obtain their consent for this use. 

F4. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately 
considering the patron privacy aspects of current California law. 

F5. Santa Cruz Public Libraries used Gale Analytics on Demand without examining 
the contract for this service, thus raising potential liability issues related to data 
ownership, data breaches, and patron privacy. 

F6. The contract is unclear and does not contain language that protects the interests 
of the Pacific Library Partnership, its member libraries, and their patrons. 

F7. The use of Gale Analytics on Demand by Santa Cruz Public Libraries is 

inconsistent with best practices in the library community regarding patron privacy. 

F8. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately 
evaluating the effectiveness of the tool. 

F9. The use of Gale Analytics on Demand by Santa Cruz Public Libraries has 
created disagreement among Library staff concerning the traditional 
responsibility of libraries to protect patron privacy, the validity of data analytics as 
a planning tool, and potential security vulnerabilities of the system. 

Recommendations 

R1. Santa Cruz Public Libraries (SCPL), in coordination with the Library Advisory 

Commission (LAC) and Library Joint Powers Authority (JPA) board, should revisit 
the Library’s revised privacy policy (adopted June 6, 2019) to specifically address 
the use of data analytics and other tools utilizing patron information. (F1-F4, F7) 

R2. SCPL should implement a system for obtaining and managing patron consent for 
data analytics and other tools that use patron information. (F3) 
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R3. SCPL management and staff, in coordination with LAC and the JPA board, 
should stay abreast of changes to state law, especially as it concerns patron 
privacy and evolving technology, and update Library policies and practices in 
response to such changes. (F4) 

R4. SCPL should review the contracts for all third-party digital services used by the 
Library, including those provided by library consortia. (F5, F6) 

R5. SCPL should adopt guidelines and practices suggested by the American Library 
Association with regard to patron privacy and data analytics services. (F7) 

R6. SCPL should designate a data privacy officer and give this officer full authority 
and responsibility to implement and enforce the privacy policy, and to periodically 
report to the SCPL director, JPA board, LAC, and the public. (F7) 

R7. SCPL should perform a meaningful evaluation of any tool that uses patron 

information to determine if the benefits outweigh the risks to patron privacy. (F8) 

R8. SCPL should offer workshops for patrons to explain how the Library uses patron 
information and to explore related privacy issues. (F3, F4) 


Required Responses 


Respondent 

Findings 

Recommendations 

Respond Within/ 
Respond By 

Director, Santa Cruz 
Public Libraries 

F1-F9 

R1-R8 

90 Days 

September 23, 2019 

Library Joint Powers 
Authority Board 

F1-F5, F7 

R1, R3, R6 

90 Days 

September 23, 2019 


Requested Responses 


Respondent 

Findings 

Recommendations 

Respond Within/ 
Respond By 

Library Advisory 
Commission 

F1-F4, F7 

R1, R3, R5 

90 Days 

September 23, 2019 


Abbreviations and Acronyms 

• ALA: American Library Association 

• AoD: Gale Analytics on Demand 

• JPA: Joint Powers Authority 

• LAC: Library Advisory Commission 

• Pll: Personally Identifiable Information 

• PLP: Pacific Library Partnership 

• SCPL: Santa Cruz Public Libraries 
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Experian Mosaic Groups and Segments with Nationwide Percentages 1 ^ 
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Experian Mosaic Groups and Segments with Nationwide Percentages (cont.) 
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Description of Experian Mosaic Silver Sophisticates Segment — 1 

Silver Sophisticates are a mix of older and retired couples and singles living in suburban 
comfort. All but a small percentage of households are empty nests. Members of Silver 
Sophisticates live in upscale neighborhoods located near big cities and are highly 
educated. Typically, there is at least one retiree in the household, and those who are 
still in the workforce have well-paying technical and professional service jobs. They can 
afford to buy older, stylish homes worth upwards of half a million dollars. 

With the luxury of both time and money, these households pursue leisure-intensive 
lifestyles. They like to dine out, go to plays and concerts and shop for decorative 
antiques. They travel often, both on cruises and flights abroad to experience other 
cultures. These are fitness-minded households whose members typically belong to 
health clubs where they can be found walking, using cardio machines and pedaling 
stationary bicycles. Relaxation at home typically involves a book or Kindle. 

Silver Sophisticates describe themselves as brand loyal in the marketplace. They like to 
buy clothes and housewares in high-end stores as well as through catalogs and online. 
Acknowledging their technological anxiety, they rarely buy trendy consumer electronics. 
They do, however, like to buy premium cars, typically new imported models. 
Self-described “smart greens”, they also look for products that are made or packaged 
using recycled materials. 

This is a segment where traditional media still reigns supreme. Silver Sophisticates are 
into news; they are avid newspaper readers and tune in to radio newscasts. They 
subscribe to specialty magazines that cover cooking or cars. They have an 
above-average interest in TV and are particularly fond of news broadcasts, history 
programs, movies and political commentary. The internet is their first place they turn for 
practical activities like travel planning, researching stocks and doing medical research. 
Just don’t ask them to send a tweet, update their status or play a video game. 

Unlike other older segments, Silver Sophisticates are relatively liberal in their views, 
although they have a fairly equal split in support for the Republican, Democrat and 
Independent parties. Silver Sophisticates support environmental causes, equal rights for 
women and other progressive social issues. They are also active in the community and 
see themselves as members of the global village. They worry about international issues 
and volunteer for community groups. They also donate to a variety of charities involved 
with health, social services, education, politics, the environment, the arts and public 
broadcasting. 

Silver Sophisticates can afford to be philanthropic. These folks have amassed large 
nest eggs from diversified portfolios. They have high rates for owning retirement 
accounts like IRAs and Keoghs. They carry a number of credit cards, in part to take 
advantage of the rewards programs. After all, they never know when they might come 
across the perfect offer for a cool restaurant or a hot ticket to a Broadway show. 
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Appendix B 

California Government Code, Section 6267, as Amended by SB 445 (2011-2012) m 


6267. All patron use records of any library which is in whole or in part 
supported by public funds shall remain confidential and shall not be 
disclosed by a public agency, or private actor that maintains or stores 
patron use records on behalf of a public agency, to any person, local 
agency, or state agency except as follows: 

(a) By a person acting within the scope of his or her duties within the 
administration of the library. 

(b) By a person authorized, in writing, by the individual to whom the 
records pertain, to inspect the records. 

(c) By order of the appropriate superior court. 

As used in this section, the term “patron use records” includes the 
following: 

(1) Any written or electronic record, that is used to identify the 
patron, including, but not limited to, a patron’s name, address, 
telephone number, or e-mail address, that a library patron provides 
in order to become eligible to borrow or use books and other 
materials. 

(2) Any written record or electronic transaction that identifies a 
patron’s borrowing information or use of library information 
resources, including, but not limited to, database search records, 
borrowing records, class records, and any other personally 
identifiable uses of library resources information requests, or 
inquiries. 

This section shall not apply to statistical reports of patron use nor to 
records of fines collected by the library, [emphasis added to indicate 
changes from SB 445] 
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Appendix C 


Sample Contract Addendum from the Seattle Public Library (SPL) m] 

A provider of services to SPL will not reveal or disclose any data or 
records, either physical or electronic, which are designated as confidential 
by the Library or which pertain to SPL patrons when such data or records 
could be used in any manner to identify a Library patron or any references 
or materials that a specific Library patron accesses. 

A provider of services to SPL must treat all the designated or individually 
identifiable SPL records as confidential and protected. Encryption of such 
data while in motion or at rest, and restricting access to confidential data, 
are typical methods of data protection. No SPL records or data shall be 
released by the provider to any third party without the prior written consent 
of the SPL. 

In the event that the provider violates this addendum, then said 
provider agrees to indemnify, defend and hold harmless SPL and its 
employees from and against any losses, costs, expenses, liabilities 
(including attorney’s fees), penalties and sanctions arising out of or 
relating to such violation. This addendum does not limit the provider’s 
liability as specifically established under law. 

The Parties hereto agree that this amendment modifies, changes, 
amends and has precedence over any contradictory language in the 
contract between the Parties, [emphasis added] 
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